Update github-actions#491
Conversation
gardener-ci-robot
requested review from
holgerkoser and
petersutter
as code owners
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
gardener-prow
Bot
added
cla: yes
gardener-ci-robot
changed the title
gardener-ci-robot
force-pushed
the
renovate/github-actions
branch
from
08de0ba to
0788406
Compare
gardener-prow
Bot
added
cla: no
gardener-ci-robot
force-pushed
the
renovate/github-actions
branch
2 times, most recently
from
264eb91 to
aa5dacf
Compare
gardener-ci-robot
force-pushed
the
renovate/github-actions
branch
from
aa5dacf to
1074d98
Compare
1 participant
This PR contains the following updates:
v1.24.1→1.25.2v0.5.3→v0.5.6Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
zizmorcore/zizmor (ghcr.io/zizmorcore/zizmor)
v1.25.2Compare Source
Bug Fixes 🐛🔗
v1.25.0Compare Source
New Features 🌈🔗
zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)
Many thanks to @Proximyst for proposing and implementing this improvement!
New audit: github-app detects dangerous usages of GitHub App installation tokens (#1926)
New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)
zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)
zizmor's LSP now honors the --persona flag on the CLI (#1943)
zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)
Enhancements🔗
Recommend gh issue edit --add-label / gh pr edit --add-label as a replacement for actions-ecosystem/action-add-labels in superfluous-actions
Recommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for actions-ecosystem/action-remove-labels in superfluous-actions
Recommend jq as a replacement for sergeysova/jq-action in superfluous-actions
Recommend git add, git commit, and git push as a replacement for stefanzweifel/git-auto-commit-action in superfluous-actions
Recommend git add, git commit, and git push as a replacement for EndBug/add-and-commit in superfluous-actions
tibdex/github-app-token is now recognized as an archived action by archived-uses (#1910)
The [dangerous-triggers] audit now explicitly exempts workflows that only invoke actions/labeler (#1956)
The unpinned-images audit now detects unpinned image references in Docker-based action definitions (#1965)
zizmor's SARIF output now provides slightly more detailed finding messages (#1972)
The archived-uses audit now detects more archived actions (#1978)
deno is now recognized as a package-ecosystem in dependabot.yml (#1991)
Performance Improvements 🚄🔗
The impostor-commit audit is now significantly faster (in addition to being more correct) when the user has pinned their action to a tag SHA instead of a commit SHA (#1998)
Bug Fixes 🐛🔗
Fixed a crash in the template-injection audit when a workflow uses a parenthesized compound expression in context position (#1904)
Fixed a bug where local directory input collection could miss workflows for relative-path invocations from within .github subdirectories (#1909)
Fixed a bug where the unpinned-images audit would miss images defined in container:![]()
clauses (#1944)
Fixed a bug where inline ignore comments could not be easily applied to superfluous-actions findings (#1945)
Fixed a bug where the cache-poisoning audit would fail to detect some release trigger patterns (#1946)
Fixed a bug where inline ignore comments could not be easily applied to cache-poisoning findings (#1962)
Fixed a class of imprecisions where the cache-poisoning audit would incorrectly flag cache usage that doesn't actually occur on release events (#1940)
Many thanks to @reubenwong97 for implementing this fix!
Fixed a bug where dependabot.yml files containing a private cargo repository couldn't be parsed (#1976)
Fixed a bug where zizmor's input validation warnings lacked a mention of which files failed to validate (#1980)
Fixed a bug where the impostor-commit audit would falsely indicate impostor commits if an action was pinned to a tag SHA instead of a commit SHA (#1998)
zizmorcore/zizmor-action (zizmorcore/zizmor-action)
v0.5.6Compare Source
v0.5.5Compare Source
v0.5.4Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.